Location based fraud reduction system and method

ABSTRACT

Embodiments of the present invention provide for reduction of the likelihood of fraud by having at least one of an identifier of a location from where a request is submitted or information that can lead to identification of the location, submitted with or in addition to a request. Then, determination is made whether to service the request, based at least in part on the location from where the request is submitted or processed. In various embodiments, the location may be compared against predetermined permissible location(s) or a current user location. The request may be a request to conduct a transaction, access data, access a physical or informational resource, or access a secured area.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of and claims priority to U.S. patent application Ser. No. 12/050,752, filed Mar. 18, 2008, entitled “Location Based Fraud Reduction System and Method,” which claims priority to U.S. patent application Ser. No. 10/355,557, filed Jan. 31, 2003, entitled “Location Based Fraud Reduction System and Method,” which claims priority to U.S. Provisional Patent Application No. 60/355,667, filed on Feb. 5, 2002, U.S. Provisional Patent Application No. 60/356,861, filed on Feb. 12, 2002, and U.S. Provisional Patent Application No. 60/361,646, filed on Mar. 4, 2002, the entire disclosures of which are hereby incorporated by reference in their entirety.

TECHNICAL FIELD

Embodiments of the present invention relate to the field of fraud reduction, and in particular, to a request processing system and method for request to enter a financial transaction, access of physical/informational resources, and access of secured area.

BACKGROUND

Credit account fraud costs companies millions of dollars per year. Additionally, companies spend large amounts of time and money trying to reduce credit account fraud. Many transactions involving credit accounts and credit cards occur via the Internet every day. Establishing the identity of the person using a credit card or credit account via the Internet is nearly impossible.

Currently, in the credit card industry there are several ways to help merchants verify that credit card information is actually coming from the cardholder and not a person trying to commit fraud. Unfortunately, none has proven to be effective all of the time.

One method is ZIP code verification. This process occurs when either a website prompts a cardholder to enter their billing ZIP code when completing a purchase form or when an operator verbally requests this information during a telephone transaction. When an order is placed, a match or no match is given based on whether or not the accurate ZIP code information was given.

Another fraud prevention method is additional number verification. Credit card issuers are now including extra digits on cards that are only visible to someone physically holding a card. These numbers usually appear on the front or back of a card. The idea behind this security measure is that only the person holding the card would have access to these numbers. For example, if a thief stole a credit card receipt it could contain the account number and the expiration date, but would not have these extra digits.

The problem with these verification methods is they are not fool proof in preventing fraud in the case where someone has physically stolen the card, piece of mail, or a company's internal database.

Similar problems exist for controlling access to usage of physical/informational resources, and access of secured areas.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present invention will be readily understood by the following detailed description in conjunction with the accompanying drawings. Embodiments of the invention are illustrated by way of example and not by way of limitation in the figures of the accompanying drawings.

FIG. 1 is a schematic view illustrating a payment device present transaction according to one embodiment of the present invention;

FIG. 2 is a schematic view, according to another embodiment of the present invention, showing a payment device-not-present transaction;

FIG. 3 is a schematic view illustrating an access device-present transaction according to one embodiment of the present invention; and

FIG. 4 is a schematic view illustrating a security device-present transaction according to one embodiment of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

In the following detailed description, reference is made to the accompanying drawings which form a part hereof, and in which are shown by way of illustration embodiments in which the invention may be practiced. It is to be understood that other embodiments may be utilized and structural or logical changes may be made without departing from the scope of the present invention. Therefore, the following detailed description is not to be taken in a limiting sense, and the scope of embodiments in accordance with the present invention is defined by the appended claims and their equivalents.

Embodiments of the present invention include transaction and access control devices and systems equipped to reduce the likelihood of fraud.

Parts of the description will be presented in terms, such as payment device, payment device reader, payment processing system, location, transaction, access request, and so forth, consistent with the manner commonly employed by those skilled in the art to convey the substance of their work to others skilled in the art.

In the following description, various aspects of embodiments of the present invention will be described. However, it will be apparent to those skilled in the art that the embodiments may be practiced with only some or all aspects. For purposes of explanation, specific numbers, materials and configurations are set forth in order to provide a thorough understanding of the embodiments of the present invention. However, it will be apparent to one skilled in the art that the embodiments of the present invention may be practiced without the specific details. In other instances, well-known features are omitted or simplified in order not to obscure the embodiments of the present invention.

Various operations will be described as multiple discrete steps in turn, in a manner that is most helpful in understanding the embodiments of the present invention, however, the order of description should not be construed as to imply that these operations are necessarily order dependent. In particular, these operations need not be performed in the order of presentation.

The phrase “in one embodiment” is used repeatedly. The phrase generally does not refer to the same embodiment, however, it may.

The terms “comprising”, “having” and “including” are synonymous, unless the context dictates otherwise.

As shown in FIG. 1, a payment device-present transaction system 10 is provided according to one embodiment of the present invention. Payment device-present transaction system 10 typically includes a payment device 11 configured to be read by a payment device reader 12. An example of a payment device 11 is a credit or debit card, but may alternatively be a mobile commerce device (such as an mobile commerce enabled mobile telephone) configured to transmit payment information to credit device reader via an infrared or other communication link. In one embodiment, payment device 11 may include a position sensor 11 a, as well as payment information 11 b.

The term “mobile telephone” as used herein (in the specification and in the claims) refers to the class of telephone devices equipped to enable a user to make and receive calls wirelessly, notwithstanding the user's movement, as long as the user is within the communication reach of a service or base station of a wireless network service provider. Unless specifically excluded, the term “mobile telephone” is to include the analog subclass as well as the digital subclass (of all signaling protocols).

The payment device reader 12 typically includes a position sensor 12 a and merchant related information, such as a merchant identifier, 12 b. Typically, payment device reader 12 is configured to send payer and payment information, merchant information (such as merchant identifier), and/or position information to a payment processing system 14, to request an amount to be charged against the account of payer for the transaction.

Alternatively, payment device 11 may be a mobile commerce device configured to directly transmit payer, payment, payee, and/or position information to payment processing system 14, to request an amount to be charged against the account of payer for the transaction.

Further, in alternate embodiment, in lieu of an identifier of the location of the transaction, i.e. the location from where the request is submitted, information leading to the identifying of the location, e.g. name and branch of the merchant, may be sent instead. The payer information etc. may be sent as part of the request or after an initial request for the transaction.

Payment processing system 14 is configured to determine the location or position of the payment device and/or payment device reader by the position information received from position sensor 11 a or 12 a. In one embodiment, payment processing system 14 is implemented with a conventional computing system having storage medium having stored therein programming instructions implementing the teachings of the present invention, and one or more processor to execute the programming instructions.

Alternatively, the payment processing system 14 is configured to detect the position of the payment device reader (and therefore, the position of the payment device in a payment device-present transaction), by resolving merchant information (such as the merchant identifier) using a database of known merchant locations. For example, a merchant having the merchant identifier 1234567 may correspond to a convenience mart on the corner of 5^(th) and Vine streets in a particular town.

For the illustrated embodiment, system 10 further includes a position-sensing device 16 having a position sensor 16 b. Position-sensing device 16 may be a mobile telephone, watch, jewelry, computing device, global positioning unit, or other device including a position sensor 16 b. Typically, except for its novel employment to prevent fraud under the present invention, position-sensing device 16 is otherwise not involved in payment related to the transaction entered into by payment device 11.

The position-sensing device 16 is configured to send position information to a position tracking system 18. The communication link between position tracking system 18 and position-sensing device 16 may be a satellite link such as used in a global positioning satellite system, radio frequency link, optical link such as infrared, or virtually any other communication link suitable for use in position detection.

Position tracking system 18 is configured to communicate the position information for the position-sensing device 16 to payment processing system 14. To detect a fraudulent use of payment device 11, payment processing system 14 is configured to compare the position of position-sensing device 16 to the location or position of a current transaction involving payment device 11 (i.e., the location or position of payment device 11 and/or payment device reader 12).

If the locations of the position-sensing device 16 and the payment device 11 are different, or alternatively, if the locations of the position-sensing device 16 and the payment device reader 12 are different, then the payment processing system is configured to determine that there is a possibility of fraud in the current transaction. Upon determining the possibility of fraud, the payment processing system is configured to take a designated action, such as preventing the completion of the transaction.

In embodiments, the requirement of the possession of the payment device and the position sensing device may be referred to as “double custody” fraud prevention or reduction.

The above embodiment is especially useful for face to face transactions. A cardholder may carry a device that has a built-in position locator within it. The device may be a cell phone, watch, jewelry, wallet, or any other item that a locator could be placed in and that a person would normally carry. The device may even change from day to day. For example, some people currently have three cell phones from various companies and each has a unique feature. One may be extremely compact, one may be large, but can send and receive emails, and the third may have a long battery life. In an embodiment, depending on the needs for a particular day, a person may choose to use one of the three phones and may place a location device in or on that phone. In an embodiment, there may be three phones, but maybe only one location device.

The location device may e.g. be a watch. The location device may be integrated with or removably associated with the watch. The cardholder would inform the credit card company ahead of time, as to the identification number/model of the location device. Once this information is given, the information may be entered into the database, and the system is primed to prevent fraudulent use of a credit card.

The cardholder may turn the watch's tracking device on or off at their leisure, as you can with a cell phone. When the watch's tracking device is on, the database would contain the current location, such as, the coordinates, of the watch (during a transaction).

When the cardholder decides to make a purchase e.g. at the Portland airport (PDX), the cardholder may turn the tracking device on and the database would be provided with the location information of the watch and its owner.

The merchant's machine may send out information about the transaction to the processing company, including the merchant's location. In this case, the location is PDX. The processing system may access the database to verify the merchant's location against the watch's location and registers that the watch is also at PDX and gives a match to permit the transaction to be completed.

Similarly, the above embodiment may be applied to wireless portable Point-Of-Sale (POS) terminals. Individuals may be provided with their own personal portable terminals equipped to provide location information. The merchant's POS terminal may also be portable, and therefore may be relocated and used in a weekly or monthly specialty, fruit or produce market. In like manner, transactions conducted under this “transient” market environment may also be accorded the added fraud prevention as earlier described.

The location information obtained may be used for other purposes besides fraud prevention. Cardholders may access online statements that create a picture of their transaction history. When a cardholder clicks on a particular transaction on their bill, they may have the option to look at a map or satellite overlay of the city and view where the transaction took place. A customer may create a trip diary based off purchases in a set period of time.

It is also believed this system, in some parts, may be used for tracking corporate card user movements.

FIG. 2 shows a payment-device-not-present transaction system 20 according to another embodiment of the present invention. Payment-device-not-present transaction system 20 typically includes a device 21 that is capable of transmitting position information to a payment processing system 24. Typically, device 21 is a mobile telephone or a computing device configured to detect its position as well as to enter into payment transactions using on-board payment information. Payment-device-not-present transaction system 20 typically is configured to enable a user to enter into transaction, such as making a purchase by mobile telephone, or by a computing device (PDA, laptop, desktop, web-enabled mobile telephone, etc.) over a computer network, or in another manner in which the user is not required to present a payment device, such as a credit card at the point of sale.

Device 21 may include an interface configured to be used to input transaction data for a transaction, such as a purchase, to be entered into by the user. This transaction data may include payer information, items to be purchased, payment information etc. Device 21 may also include a position sensor 22 configured to detect a position of the device and send this position information to payment processing system 24 via a wireless or a wireline communication link. Thus, device 21 is typically configured to send substantially simultaneously the transaction data and position information to payment processing system 24. Payment processing system 24 includes an associated database of permissible and/or impermissible use areas for a particular user's device 21.

Payment processing system 24 is configured to check position information of the device 21 against the permissible and/or impermissible use areas for each user, and thereby determine if the device is being used in an impermissible use area for the user. If so, the system 24 is configured to indicate that a possibility of fraud exists in the pending transaction. If the possibility of fraud is detected, the system may be configured to take an action, such as preventing fulfillment of the transaction due to the possibility of fraud.

The payment processing system may be implemented with conventional computing system with storage medium having programming instructions designed to implement the present invention, and one or more processors to execute the programming instructions.

The above embodiment is particularly useful in preventing fraud in e-commerce transactions over a public network, such as the Internet. Typically, when a cardholder orders a product or service via the Internet or telephone, there is no good way to know, in real-time, where that person and credit card are. A thief in Baltimore could be using an Oregonian's card information.

Under the present invention, when a cardholder is issued a card, the cardholder may be asked to give the geographic location of their home and office, as well as any other locations that the cardholder frequently place on-line orders and use the credit card. This information may be obtained during the application process or on an ongoing basis. The information may be entered into a database.

Thus, when an on-line order is placed through a device equipped to also sense and provide current location information to the order processing system, the order processing system may check the database for whether the transaction is being conducted from a permissible location. If the transaction is not being conducted from a permissible location, the transaction may be rejected. Additionally, a warning in the form of a message and/or a call may be provided to the cardholder.

GPS, cell phones, and other wireless devices may not work in all places, all of the time. Communication errors may often occur inside basements or underneath a canopy, etc. The FCC also must allow for interference. Black outs are becoming less of an issue over time as more towers are built and satellites are deployed, however, in some form or another, this will always be an issue.

The solution may be a smart database that tracks the velocity of the double custody device. For example, if the device is heading south at a velocity of 40 miles per hour and there is no coverage for an hour, the database could set up a grid displaying a 40 mile radius in which the transaction could possible occur. A red flag would be raised if the credit card were used outside this radius. The database may also factor in qualitative data, such as whether or not the last coverage occurred at an airport. In this scenario, the database might allow the velocity to be 400 miles an hour. The database may know that a certain coordinate has consistent coverage difficulties and may allow transactions based off previous history of the area. The parameters may be configured in a variety of ways, including time limits and authorization limits.

The embodiment may also potentially assist in the capturing of a credit card thief attempting to perpetrate the fraudulent transaction. If the credit card thief is making the fraudulent transaction from a device equipped to provide location information as described above, the location information could pin point where the transaction was initiated, making apprehension easier.

As shown in FIG. 3, an access device-present transaction system 100 is provided according to one embodiment of the present invention. System 100 is typically configured to use location indicators, alone or in combination with other parameters, to determine whether or not a user may operate on a particular virtual private computer network. Access device-present transaction system 100 typically includes an access device 110 configured to access network 120. The access device 110 may be a laptop, PDA, cell phone, or any other type of computing device configured to access a computer network, such as network 120, which may be the Internet.

Device 110 typically includes position sensor 110 a, and may be connected to network 120 via a communication link 130. Communication link 130 may be a wireless, radio, optical, USB, or virtually any other link that allows device 110 to communicate with network 120.

Upon establishment of link 130, device 110 is further configured to communicate with and/or operate on a variety of sub-networks, websites, etc. on network 120.

The network 120 typically includes a virtual private network (VPN) 120 a and is configured to allow access device 110, and similar devices to communicate with, and/or operate on VPN 120 a.

Upon being accessed by device 110, VPN 120 a is configured to send access and/or position information of device 110 to a VPN access control system 140. In alternate embodiments, the access and/or position information of device 110 may be provided to VPN access control system 140 directly.

System 140 is configured to use the access and/or position information received from VPN 120 a and/or information directly from device 110, along with position information received from position tracking system 180, discussed below, to determine if device 110 may operate on network 120 a.

System 100 further includes a position-sensing device 160 having a position sensor 160 b. Position-sensing device 160 may be a mobile telephone, watch, jewelry, computing device, global positioning unit, or other device including a position sensor 160 b. Typically, except to facilitate access device 110 in gaining access to VPN 120 a, position-sensing device 160 is otherwise not involved in the access of VPN 120 a by access device 110.

The position-sensing device 160 is configured to send position information to a position tracking system 180. The communication link between position tracking system 180 and position-sensing device 160 may be a satellite link such as used in a global positioning satellite system, radio frequency link, optical link such as infrared, or virtually any other communication link suitable for use in position detection. Position tracking system 180 is configured to communicate the position information for the position-sensing device 160 to VPN access control system 140.

To allow a user of access device 110 to operate on VPN 120 a, VPN access control system 140 is configured to compare the position of position-sensing device 160 to the location or position of access device 110. If the locations of the position-sensing device 160 and the access device 110 are different, or alternatively, if the location of the access device 110 is outside of some predetermined acceptable location, then the VPN access system is configured to determine that there is a possibility of an improper use of device 110, with respect to VPN 120 a.

Upon determining the possibility of improper use, the VPN access control system is configured to take a designated action, such as preventing access device 110 from operating on VPN 120 a. In instances where position information is obtained directly from access device 110, control system 140 may be further configured to compare this information with that obtained from tracking system 180 and use it to either admit or deny access to access device 110 on VPN 120 a, prior to the establishment of a communication link between the two.

The access control system may be implemented with conventional computing system with storage medium having programming instructions designed to implement the present invention, and one or more processors to execute the programming instructions.

As shown in FIG. 4, a security device-present transaction system 200 is provided according to one embodiment of the present invention. System 200 is typically configured to use location indicators, alone or in combination with other parameters, to determine the security clearance for access to a particular secured location. Security device-present transaction system 200 typically includes a security device 210 configured to be read by a security device reader 220. Security device 210 may be a card or badge encoded with security information, such as an access code.

Alternatively, the security device may be a mobile device (such as a mobile telephone) configured to transmit security information to security device reader 220 via an infrared or other communication link. Further, the security device may be any other device capable of providing the appropriate security and position information to security device reader 220. In particular, security device 210 may include a position sensor 210 a, configured to transmit information about its relative geographical location.

The security device reader 220 is typically configured to read security device 210, and to transmit security information received there from, to a security access control system 240. Typically, security access control system 240 knows the location of security device reader 220. Alternatively, security reader 220 may include a position sensor 220 a and may be configured to send position information, along with security information, to security access system 240. Alternatively, security device 210 may be a mobile device configured to directly transmit security and/or position information to security access control system 240 via a wireless link.

Security access control system 240 is further configured to detect the location or position of security device 210 and/or security reader 220 by the position information received from position sensors 210 a, and/or 220 a. Alternatively, the security access control system 240 is configured to detect the position of the security device reader (and therefore the position of the security device in a device-present transaction), by resolving a security identifier 220 b using a database of known security identifier locations. For example, the security identifier 1234567 may correspond to a gated entrance to a secured building.

System 200 further includes a position-sensing device 260 having a position sensor 260 b. Position-sensing device 260 may be a mobile telephone, watch, jewelry, computing device, global positioning unit, or other device including a position sensor 260 b. Typically, except for facilitating validation of the usage security device 210, position-sensing device 260 is otherwise not involved in the transaction entered into between security device 210 and security access control system 240 (via security reader 220), or similar transactions.

The position-sensing device 260 is configured to send position information to a position tracking system 280. The communication link between position tracking system 280 and position-sensing device 260 may be a satellite link such as used in a global positioning satellite system, radio frequency link, optical link such as infrared, or virtually any other communication link suitable for use in position detection. Position tracking system 280 is configured to communicate the position information for the position-sensing device 260 to payment processing system 240.

In order to detect an improper use of security device 210, security access control system 240 is configured to compare the position of position-sensing device 260 to the location or position of a current transaction involving security device 210 (i.e., the location or position of security device 210 and/or security device reader 220). If the locations of the position-sensing device 260 and the security device 210 are different, or alternatively, if the locations of position-sensing device 260 and security reader 220 are different, then the security access control system is configured to determine that there is a possibility of improper use of the security device in the current transaction.

Upon determining the possibility of improper use, the system 240 is configured to take a designated action, such as warning a security attendant and/or by automatically locking an entrance to a secured area.

The security control system may be implemented with conventional computing system with storage medium having programming instructions designed to implement the present invention, and one or more processors to execute the programming instructions.

Thus, it can be seen from the above descriptions, various novel location based method and apparatus for fraud prevention or reduction, including “double custody” methods, have been described.

While the present invention has been described in terms of the foregoing embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments described. The present invention can be practiced with modification and alteration within the spirit and scope of the appended claims.

In particular, the present invention may be practiced to control access to physical resources or spaces without the employment of separate location sensor device, similar to the embodiment of FIG. 2 as an alternative to the embodiment of FIG. 1.

Further, the present invention may be employed selectively for only certain high value transactions, usages or accesses. Rules may be pre-established to facilitate identification of the higher value transactions, usages or accesses, and trigger the application of the present invention.

Yet further, the present invention may be used to accumulate the locations where the transactions are occurred, and a user may access the accumulated information to create a geographic picture or diary of the transactions conducted over a selected period.

Thus, the description is to be regarded as illustrative instead of restrictive on the present invention. 

1-20. (canceled)
 21. A method for detecting fraud in a transaction, the method comprising: receiving by a request processor a request for a first entity to conduct a transaction with a second entity, wherein the first entity and the second entity are not present in the same location; detecting by the request processor a position of a payment device to be used by the first entity to conduct the transaction; determining by the request processor whether the position corresponds to a permissible or impermissible use area for the first entity to conduct the transaction; and permitting by the request processor the transaction to continue if it is determined that the position corresponds to a permissible use area.
 22. The method of claim 21, further comprising flagging the request as potentially fraudulent if it is determined that the position does not correspond to a permissible use area.
 23. The method of claim 21, further comprising denying the request if it is determined that the position corresponds to an impermissible use area.
 24. The method of claim 21, wherein detecting by the request processor a position of a payment device to be used by the first entity to conduct the transaction comprises receiving position information wirelessly from the payment device.
 25. The method of claim 24, further comprising receiving by the request processor transaction information from the payment device.
 26. The method of claim 21, wherein determining by the request processor whether the position corresponds to a permissible or impermissible use area to conduct the transaction comprises comparing by the request processor the detected position of the payment device to a permissible and/or impermissible use area stored in a database accessible by the request processor.
 27. The method of claim 21, wherein the payment device is a computing device, a mobile commerce device, a mobile telephone, or a point of sale terminal.
 28. A request processing method with reduced likelihood of fraud, comprising a request processor: receiving a request submitted via a device to conduct a transaction, access data, access a physical or informational resource, or access a secured area; receiving from the device a location identifier indicating a location where the request is submitted or information that can lead to identification of the location where the request is submitted; determining whether the location corresponds to a permissible or impermissible use area for the first entity to conduct the transaction, access the data, access the physical or informational resource, or access the secured area; and determining whether to service the request based at least in part on the received location identifier or information and if it is determined that the location corresponds to a permissible use area.
 29. A request processing method with reduced likelihood of fraud, comprising a request processor: receiving from a device a first location identifier indicating a first location of the device at a first time; receiving at a second time a request submitted via the device to conduct a transaction, access data, access a physical or informational resource, or access a secured area; receiving from the device at the second time a second location identifier indicating a second location of the device at the second time; and determining whether to service the request based at least in part on whether the second location is permissible based on the device being present at the first location at the first time and being present at the second location at the second time.
 30. The method of claim 29, wherein the payment device is a computing device, a mobile commerce device, or a mobile telephone.
 31. The method of claim 29, further comprising receiving from the device velocity information indicating a velocity of the device at the first time.
 32. The method of claim 31, wherein determining whether to service the request is further based on the indicated velocity.
 33. The method of claim 29, wherein determining whether to service the request is further based on a determined velocity of the device.
 34. The method of claim 29, wherein determining whether to service the request is further based on one or more qualitative data.
 35. The method of claim 29, wherein determining whether to service the request is further based on one or more established time limits.
 36. The method of claim 29, wherein determining whether to service the request is further based on one or more established authorization limits.
 37. A request processing method with reduced likelihood of fraud, comprising a request processor: receiving from a position sensing device a first location identifier indicating a first location of the position sensing device at a first time; receiving at a second time a request to conduct a transaction, access data, access a physical or informational resource, or access a secured area via another device associated with the position sensing device; receiving from the position sensing device at the second time a second location identifier indicating a second location of the position sensing device at the second time; and determining whether to service the request based at least in part on whether the second location is permissible based on the position sensing device being present at the first location at the first time and being present at the second location at the second time.
 38. The method of claim 37, wherein the another device is a credit card, a computing device, a mobile commerce device, or a mobile telephone.
 39. The method of claim 37, further comprising receiving from the position sensing device velocity information indicating a velocity of the position sensing device at the first time.
 40. The method of claim 39, wherein determining whether to service the request is further based on the indicated velocity.
 41. The method of claim 37, wherein determining whether to service the request is further based on a determined velocity of the position sensing device.
 42. The method of claim 37, wherein determining whether to service the request is further based on one or more qualitative data.
 43. The method of claim 37, wherein determining whether to service the request is further based on one or more established time limits.
 44. The method of claim 37, wherein determining whether to service the request is further based on one or more established authorization limits. 